-----BEGIN PGP SIGNED MESSAGE-----
At 11:42 AM 11/17/97 -0700, Bob Jueneman wrote:
>>I suspect that the scarcity of key pairs comes back to an assumption in
>>parts that one needs a purchased identity certificate in order to use a key
>>pair. This assumption comes from the business model of a CA, not from
>> - Carl
>No, that's a conclusion, rather than an assumption.
>The assumption is that in order to be able to trust a key pair nominally
>associated with someone you have never met and don't know anything about,
>that it is necessary to have some trusted third party play some kind of an
>intermediary role in vouching for the individual who allegedly holds the

This assumption is valid as stated but you use it to lead to invalid
conclusions, so we need to examine your logic.
If you intend to honor a key, you need to have the necessary authorization
pass from you to that key (back to you) through an unbroken loop. This
means that, unless you issue the empowering certificate yourself, there must
be some other agent in the path between you and the key to which you have
delegated the authority to pass along this kind of authorization. This is
the intermediate party you call for -- and it's there only to spread out the

In other words, if you have any security policy at all, you won't deal with
keyholders you know nothing about. You need to know something about the
keyholder relevant to your business. E.g., "is this keyholder allowed to
use this credit card?"

>The trusted third party may or may not testify to the creditworthiness of
>that individual -- they may only confirm his identity, AKA his globally
>unambiguous name (sorry, Carl). But in order for this identification to have
>some viability in the commercial world, there has to be the possibility of
>financial recourse in the event the CA screws up.

You're assuming that a global name implies the ability to track down someone
for prosecution. That's a bogus assumption. This is what I call, after the
last ABA-ISC meeting, a "lawyer's cert". It was described to me there by
Richard Field. The cert does not give any such promise. Its only validity
is in hoodwinking the cert holder into honest behavior because he thinks he
might be traceable.

>And since such enterprises don't run on love, the CAs will charge for these

The real Issuer you want here is ACME Process Servers, issuing a cert
expiring on 31-dec-2001 promising to track down and serve papers on the
keyholder (for a fee, of course) at any time up until 31-dec-2001, in the
event of fraud by the keyholder. ACME, of course, will not put any
generally usable identifying information in that cert. The cert will have
ACME's file number -- just enough to let ACME and no one else track down
that fee in the event the cert is submitted for redemption.

>That doesn't mean that your PGP certificates may not be perfectly acceptable
>among your circle of friends. It just means that your bank won't accept
>them, and neither will the local five and dime.

PGP certs never did mean anything real to me -- well, they're more real than
an X.509 cert because they tie e-mail address to key -- but they still use a
global name space.

There's every reason for my local bank to accept SPKI/SDSI certs, however,
because they themselves will empower the cert loops in which one might find
an SPKI cert I issue to my daughter (delegating some of my spending power)
or to my temporary laptop traveling key.
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
-----END PGP SIGNATURE-----
|Carl M. Ellison firstname.lastname@example.org http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
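
The authorization loop described in the message above, as an added example that is not part of the original post and is not code from any SPKI/SDSI implementation: a simplified Python model in which a verifier honors a key only if a chain of delegation certs starts at the verifier's own key and reaches the requesting key, with the spending limit and validity narrowing at each hop. The key labels, limits, dates and the `Cert`, `reduce_pair` and `authorize` names are assumptions made for illustration, and signature checking on each cert is assumed to have been done already.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Cert:
    issuer: str         # key that signed the cert (a label stands in for the public key)
    subject: str        # key being empowered
    may_delegate: bool  # may the subject pass the authorization on?
    limit: int          # the authorization itself: a spending limit (assumed tag)
    not_after: date     # end of validity

def reduce_pair(a, b):
    """Collapse two adjacent certs into one, or return None if the link is broken."""
    if a.subject != b.issuer or not a.may_delegate:
        return None
    # Authority and validity can only narrow as they pass down the chain.
    return Cert(a.issuer, b.subject, b.may_delegate,
                min(a.limit, b.limit), min(a.not_after, b.not_after))

def authorize(verifier, chain, requester, amount, today):
    """True only if the chain starts at the verifier's own key and reaches requester."""
    if not chain or chain[0].issuer != verifier:
        return False  # nobody the verifier empowered stands behind this key
    acc = chain[0]
    for cert in chain[1:]:
        acc = reduce_pair(acc, cert)
        if acc is None:
            return False
    return acc.subject == requester and amount <= acc.limit and today <= acc.not_after

# Constructed sample data (hypothetical keys, limits and dates).
BANK, CARL, DAUGHTER, FRIEND = "bank-key", "carl-key", "daughter-key", "friend-key"
TODAY = date(1997, 11, 18)
bank_to_carl = Cert(BANK, CARL, True, 1000, date(2001, 12, 31))
carl_to_daughter = Cert(CARL, DAUGHTER, False, 100, date(1998, 6, 30))
daughter_to_friend = Cert(DAUGHTER, FRIEND, True, 100, date(1998, 6, 30))

if __name__ == "__main__":
    loop = [bank_to_carl, carl_to_daughter]
    print(authorize(BANK, loop, DAUGHTER, 50, TODAY))    # within the delegated limit
    print(authorize(BANK, loop, DAUGHTER, 500, TODAY))   # exceeds the daughter's limit
    print(authorize(BANK, loop + [daughter_to_friend], FRIEND, 50, TODAY))  # no right to re-delegate
    print(authorize(BANK, [carl_to_daughter], DAUGHTER, 50, TODAY))  # chain not rooted at the bank
```

No global name appears anywhere in the decision: the bank only checks that the authority it issued itself arrives, unbroken and undiminished enough, at the key making the request.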